28th January 2020
The CAA, in partnership with CREST, has announced SureCloud as one of seven companies to be accredited under its new cybersecurity oversight scheme ASSURE.
ASSURE is an accreditation scheme created by the Civil Aviation Authority (CAA) in partnership with CREST the not-for-profit accreditation and certification body for the technical security industry. The scheme enables aviation organisations to procure accredited cybersecurity audit capabilities to perform an evidence-based validation of their self-assessment, and to support the CAA’s cybersecurity oversight strategy.
CREST and the CAA have accredited SureCloud under the rigorous process defined by the ASSURE framework. To meet ASSURE’s stringent requirements, SureCloud had to firstly be accredited to the CREST penetration testing discipline. SureCloud also had to demonstrate extensive knowledge in the following specialisms: Cyber-audit & risk management, technical cybersecurity expert and Industrial Control Systems /Operational Technology Expert. SureCloud then applied for accreditation, reviewed and approved by CREST and the CAA.
“To be one of only seven companies to be ASSURE accredited is a real testament to our capabilities, and we’re looking forward to broadening our proposition within the aviation space and helping organisations tackle the evolving cyber threats and challenges they face. It’s definitely another feather in the cap for SureCloud, and we’re really pleased to be recognised under such an esteemed scheme.”
Where stipulated by the CAA, aviation organisations will now be required to complete a self-assessment of their cyber security using the CAA’s Cyber Assessment Framework (CAF) for Aviation. Aviation organisations may then be required to contract with an ASSURE Cyber Supplier, such as SureCloud, through the ASSURE Buyer’s Platform to audit their completed CAF for Aviation self-assessment, on behalf of the CAA.
SureCloud is a provider of Gartner recognised GRC software and Cyber & Risk Advisory services. Whether buying products or services, your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling a seamless integration of information, taking your risk programmes to the next level.
CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years